Software Bill of Materials (SBOM)
Snackbox is released under the BSD-3-Clause License. All direct and transitive Go module dependencies use MIT, BSD-3-Clause, or Apache-2.0 - all of which are compatible with BSD-3-Clause outbound licensing and impose no copyleft or viral obligations.
Notable: mattn/go-sqlite3 bundles the SQLite C amalgamation, which is public domain and carries no license obligations.
How to Evaluate
Install go-licenses and run it from the repository root:
```sh
go install github.com/google/go-licenses@latest
$(go env GOPATH)/bin/go-licenses report ./...
```
This prints one line per dependency with its name, license URL, and SPDX identifier. Update the table below whenever go.mod changes. Also run make govulncheck to check all listed packages for known CVEs.
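The check described above can be automated. The following is an added example, not part of Snackbox: it audits the report against the three licenses named on this page and against the module list in the table. The `Audit` function, the `Finding` type, the sample rows, and the assumption that a report name can be a package path beneath a listed module are all illustrative.

```go
package main

import (
	"encoding/csv"
	"fmt"
	"strings"
)

// Licenses this page states are compatible with BSD-3-Clause outbound licensing.
var allowed = map[string]bool{"MIT": true, "BSD-3-Clause": true, "Apache-2.0": true}

// Constructed sample in the shape the report prints (name, license URL,
// license identifier); the URLs and the last row are made up.
const sampleReport = `github.com/spf13/cobra,https://example.invalid/cobra/LICENSE,MIT
golang.org/x/crypto/bcrypt,https://example.invalid/crypto/LICENSE,BSD-3-Clause
example.invalid/newdep,Unknown,GPL-3.0
`

// Finding is one report row that needs review before the SBOM table is updated.
type Finding struct{ Package, License, Reason string }

// Audit flags rows whose license is outside the allowlist and rows whose
// name does not belong to any module listed in the SBOM table.
func Audit(report string, sbomModules []string) ([]Finding, error) {
	r := csv.NewReader(strings.NewReader(report))
	r.FieldsPerRecord = 3 // a short or long row is a parse error, not a pass
	rows, err := r.ReadAll()
	if err != nil {
		return nil, err
	}
	var out []Finding
	for _, row := range rows {
		pkg, lic := row[0], row[2]
		if !allowed[lic] {
			out = append(out, Finding{pkg, lic, "license not in allowlist"})
		}
		listed := false
		for _, m := range sbomModules {
			// Assumed: a name may be a package path beneath a module, so match
			// on a path-segment prefix rather than on string equality alone.
			if pkg == m || strings.HasPrefix(pkg, m+"/") {
				listed = true
			}
		}
		if !listed {
			out = append(out, Finding{pkg, lic, "module missing from SBOM table"})
		}
	}
	return out, nil
}

func main() {
	fmt.Println(Audit(sampleReport, []string{"github.com/spf13/cobra", "golang.org/x/crypto"}))
}
```

If the report also lists the project's own packages, include the project's module path in `sbomModules` so they are not reported as missing.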
Dependencies
| Package | Version | License |
|---|---|---|
| github.com/spf13/cobra | v1.10.2 | MIT |
| github.com/spf13/pflag | v1.0.9 | BSD-3-Clause |
| github.com/golang-jwt/jwt/v5 | v5.3.1 | MIT |
| github.com/mattn/go-sqlite3 | v1.14.34 | MIT |
| golang.org/x/crypto | v0.48.0 | BSD-3-Clause |
| golang.org/x/term | v0.42.0 | BSD-3-Clause |
| golang.org/x/time | v0.15.0 | BSD-3-Clause |
| golang.org/x/sys | v0.43.0 | BSD-3-Clause |
| github.com/beorn7/perks | v1.0.1 | MIT |
| github.com/cespare/xxhash/v2 | v2.3.0 | MIT |
| github.com/munnerz/goautoneg | v0.0.0-20191010083416-a7dc8b61c822 | BSD-3-Clause |
| github.com/prometheus/client_golang | v1.23.2 | Apache-2.0 |
| github.com/prometheus/client_model | v0.6.2 | Apache-2.0 |
| github.com/prometheus/common | v0.66.1 | Apache-2.0 |
| github.com/prometheus/procfs | v0.16.1 | Apache-2.0 |
| go.yaml.in/yaml/v2 | v2.4.2 | Apache-2.0 |
| google.golang.org/protobuf | v1.36.8 | BSD-3-Clause |
| github.com/inconshreveable/mousetrap | v1.1.0 | Apache-2.0 |
| github.com/kr/text | v0.2.0 | MIT |